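<?php
/*
 * Resource download handler.
 *
 * Reads a user id (UID) and a resource id (RID) from the request, looks the
 * resource up, deducts the resource's point cost from the requesting user
 * unless that user owns the resource, and streams the stored file back as an
 * attachment.
 *
 * Hardening applied in this version:
 *  - UID and RID are accepted only as plain decimal strings and cast to int
 *    before they reach any SQL text (the legacy mysql_* API used here has no
 *    prepared statements, so strict typing is the injection barrier).
 *  - Database error details go to the server log, not to the response.
 *  - The stored path is resolved and must stay inside ../upload and be a
 *    regular file before any points are deducted or bytes are sent.
 *  - The download filename is stripped of control characters, quotes and
 *    backslashes and sent as a quoted string.
 *
 * NOTE(review): UID is supplied by the caller. Nothing on this page binds it
 * to an authenticated session, so ownership and billing decisions rest on an
 * unauthenticated value. Presumably a session check belongs here - confirm
 * against the rest of the application.
 */
if(!isset($_REQUEST["UID"], $_REQUEST["RID"])
	|| !is_string($_REQUEST["UID"]) || !ctype_digit($_REQUEST["UID"])
	|| !is_string($_REQUEST["RID"]) || !ctype_digit($_REQUEST["RID"])) { ?> <body onLoad='alert("Invalid request source");self.history.go(-1);' /> <?php die();}
// Integers from here on: safe to interpolate into SQL and into messages.
$UID=(int)$_REQUEST["UID"];
$RID=(int)$_REQUEST["RID"];

// NOTE(review): no password argument is passed; presumably this relies on
// mysql.default_password or a password-less account - confirm and restrict.
$con=mysql_connect("localhost","William");

if (!$con){
	error_log("download: MySQL connect failed: " . mysql_error());
	die("MySQL Error");
}
mysql_select_db("osa", $con);

$query=mysql_query("SELECT * FROM resource WHERE RID=$RID");
if(!$query){
	error_log("download: resource lookup failed: " . mysql_error());
	die("MySQL Error");
}
$row=mysql_fetch_array($query);
if(!$row) die("Internal Error: Resource #$RID not found");

// Resolve the stored path before charging the user. realpath() collapses
// "../" segments and symlinks, so the prefix test below confines the read to
// the upload directory even if the database value is malformed.
$base=realpath('../upload');
$file=realpath('../upload/' . $row["path"]);
if($base===false || $file===false
	|| strpos($file, $base . DIRECTORY_SEPARATOR)!==0
	|| !is_file($file)){
	die("Internal Error: Resource #$RID not found");
}

// The owner downloads for free; everyone else pays the resource's cost.
if((int)$row["UID"]!==$UID){
	$query=mysql_query("SELECT * FROM user WHERE UID=$UID");
	if(!$query){
		error_log("download: user lookup failed: " . mysql_error());
		die("MySQL Error");
	}
	$rowuser=mysql_fetch_array($query);
	if(!$rowuser) die("Internal Error: User #$UID not found");
	// Arithmetic in PHP forces a numeric result, so $newpt is safe in SQL.
	// NOTE(review): there is no check that the balance covers the cost, and
	// this read-then-write is not atomic (concurrent requests can lose an
	// update). Confirm the intended rule before changing it.
	$newpt=$rowuser["point"]-$row["points"];
	$query=mysql_query("UPDATE user SET point=$newpt WHERE UID=$UID");
	if(!$query){
		error_log("download: point update failed: " . mysql_error());
		die("MySQL Error");
	}
}

// Keep only the leaf name and drop characters that could break out of the
// quoted filename parameter.
$name=preg_replace('/[\x00-\x1F\x7F"\\\\]/', '', basename($row["name"]));

header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
// ob_clean() raises a notice when no buffer is active, which would corrupt
// the binary body if notices are displayed.
if(ob_get_level()) ob_clean();
flush();
readfile($file);
?>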